Claude Code v2.1.146 Makes Code Review and Background Work Operational

Claude Code v2.1.146 looks like a maintenance release until you read the change list as an operations document. Then the pattern is pretty obvious: Anthropic is moving Claude Code away from “smart terminal assistant” and toward a governed runtime for review, background work, MCP tools, Windows sessions, managed login, and multi-agent execution.

That is the correct direction. The first generation of coding-agent adoption was about whether the model could write useful code. The next generation is about whether teams can leave the agent running, trust the tool catalog it sees, preserve permissions across the right boundaries, and enforce identity policy even when developers bring alternate provider credentials. Less magic, more contract. Good.

The rename from /simplify to /code-review is doing product work

The visible headline in v2.1.146 is that /simplify is now /code-review, with optional effort levels such as /code-review high. That sounds like naming polish, but names become workflow contracts. “Simplify this” invites a rewrite toward elegance. “Review this” asks the agent to inspect work the way a teammate would: correctness, maintainability, security, regressions, and judgment.

For teams using agents to generate code, that shift matters because the review step is where the workflow either becomes engineering or cosplay. A model that writes code and then immediately congratulates itself is not a teammate. A model that can be explicitly invoked as a reviewer, with adjustable effort, starts to fit into the loop engineers already understand: generate, inspect, test, revise, merge. The command name tells users what job the agent is supposed to be doing.

The release also fixes Auto mode so it no longer suppresses AskUserQuestion when a user or skill explicitly relies on it. That is another small detail with a big operational shadow. “Autonomous” should not mean “silently ignore the workflow’s designed human checkpoint.” If a skill needs a question answered before proceeding, the agent should ask. Removing humans from every loop is not maturity; routing them to the right loop is.

Background sessions are where agent UX becomes reliability engineering

The background-session fixes are the most practical part of the release. Claude Code now handles /background sessions whose only typed input was a skill or custom slash command, stops attached Windows Terminal sessions from strobing while Claude streams, and avoids re-prompting for tool permissions already granted with “don’t ask again” after a session is backgrounded.

That last fix is not merely convenience. Permission state is part of the session contract. If a developer grants a tool permission with a persistent choice, a backgrounded session should not bounce back to the foreground because the runtime forgot. But the inverse also matters: that permission must follow the right session and the right job, not leak into unrelated work. Agent runtimes are now state machines with shells attached. Treating them like chat tabs is how teams get weird failures and eventually a security incident.

There is also a Windows safety fix that deserves more attention than it will get: removing a background-job worktree no longer follows NTFS junctions into the main repository. That is exactly the class of bug that turns “clean up the temporary thing” into “why did my real checkout change?” Worktrees and background jobs are powerful because they let agents operate away from the main branch. They are dangerous when cleanup code treats filesystem indirection casually. If your agent runtime touches files, symlinks and junctions are part of the threat model.

MCP pagination is not plumbing trivia

Claude Code v2.1.146 also fixes MCP pagination for resources/list, resources/templates/list, and prompts/list. That sounds boring unless you operate a real MCP estate. If page two of a tool catalog disappears, the agent is not choosing from available context; it is choosing from a truncated version of reality. From the outside, that looks like model weakness. From the inside, it is a runtime bug.

Teams adding MCP servers should treat this release as a reminder to test discovery, not just tool calls. Create enough resources, templates, and prompts to force pagination. Verify the agent can see every page. Make failures loud. A coding agent that cannot enumerate its tools correctly will produce inconsistent behavior that engineers misdiagnose as “the model being weird.” Sometimes the model is weird. Sometimes your list endpoint stopped at page one.

The same governance thread shows up in the managed-settings fix. Anthropic says forceLoginOrgUUID and forceLoginMethod are now enforced against third-party-provider and API-key sessions. Enterprise buyers should underline that. Login policy that only applies to the blessed path is not policy; it is a suggestion with side doors. If developers can bypass org identity by choosing another provider credential path, the tool is not ready for serious deployment.

Multi-agent users also get a fix forwarding CLAUDE_CODE_SUBAGENT_MODEL to child processes. That matters because model routing is part of cost, quality, and governance. Parent and child agents accidentally diverging on model selection is how a predictable workflow becomes a mystery bill or a review gap.

What teams should actually do

If you run Claude Code seriously, do not just upgrade and nod at the changelog. Test the ugly paths. Start a background session from a skill-only command. Attach from Windows Terminal. Remove a worktree containing junctions in a disposable repo. Build a paginated MCP server and confirm all pages are visible. Run a multi-agent session with CLAUDE_CODE_SUBAGENT_MODEL. Try third-party-provider and API-key sessions under managed login rules and verify policy cannot be bypassed.

The broader lesson is that coding agents become useful at team scale when the boring pieces stop being surprising. Review should be explicit. Permission state should persist correctly. Tool catalogs should be complete. Worktree cleanup should be safe. Login policy should cover every credential path, not just the happy one.

Claude Code v2.1.146 is not a keynote release. It is better than that: it is a release about making the agent less haunted when engineers use it like infrastructure.

Sources: GitHub — Claude Code v2.1.146, Claude Code repository, Claude Code docs